I'm just starting off with PHP and I've been trying to validate an HTML form and then POST the form's data onto another page, for some reason this doesn't seem to want to work. The issue is that when submit is clicked the page simply refreshes if there are no errors. Here are snippets of the code:
<?php
$nameErr = $surnameErr = " ";
$name = $surname = " ";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$valid = 0;
if (empty($_POST["name"])) {
$nameErr = "Name is required";
$valid++;
} else {
$name = test_input($_POST["name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["surname"])) {
$surnameErr = "Surname is required";
$valid++;
} else {
$surname = test_input($_POST["surname"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$surname)) {
$surnameErr = "Only letters and white space allowed";
}
}
if($valid == 0){
header('LOCATION: page2.php');
exit();
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
And here is the HTML
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>">
<div class="label1">
<label>First Name</label>
<input type="text" name="name" id="name" placeholder="John" value="<?php echo $name;?>" onblur="validateName('name')">
<label>Surname</label>
<input type="text" name="surname" id="surname" placeholder="Smith" value="<?php echo $surname;?>" onblur="validateSurname('surname')"> <br />
<input type="submit" name="submit" value="Submit">
</div>
</form>
page2.php
<html>
<body>
Welcome <?php echo $_POST["name"]; ?><br>
Your surname is: <?php echo $_POST["surname"]; ?>
</body>
</html>
When you do your header('LOCATION: page2.php'); you will loose all your posted data, that will not be available in page2.php.
There are several solutions to that, for example:
use include instead of a header redirect;
store the posted data in a session or a database so that it is available in other pages.
I don't see any reason why you could not use an include here, is there a specific reason you want to redirect?
Try this
**main page**
<form method="post" action="page2.php">
<div class="label1">
<label>First Name</label>
<input type="text" name="name" id="name" placeholder="John" onblur="validateName('name')">
<label>Surname</label>
<input type="text" name="surname" id="surname" placeholder="Smith" onblur="validateSurname('surname')"> <br />
<input type="submit" name="submit" value="submit">
</div>
</form>
**page2.php**
<?php
if (isset($_POST['submit'])) {
$valid = 0;
if (empty($_POST["name"])) {
$name = "Name is required";
$valid++;
} else {
$name = test_input($_POST["name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$name = "Only letters and white space allowed";
}
else{$name=$_POST["name"];}
}
if (empty($_POST["surname"])) {
$surname = "Surname is required";
$valid++;
} else {
$surname = test_input($_POST["surname"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$surname)) {
$surname = "Only letters and white space allowed";
} else{$surname=$_POST["surname"];}
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<html>
<body>
Welcome <?=$name?><br>
Your surname is: <?=$surname?>
</body>
</html>
Related
I want to validate the input of a user so only letters/number and whitespace is allowed. I found a few examples on google and this is what I made out of it. For me this code is logic and should work but whenever I put a special character inside the form and after that press the submit button it wont show the error.
Does anyone know what I missed here or what I did wrong?
<?php
$Input1 = "";
$Input1Err = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if(empty($_POST["Input1"])){
$Input1Err = "Enter something.";
}else{
$Input1 = test_input($_POST["Input1"]);
if(!preg_match("/[^a-z0-9 _]+$/i", $Input1)){
$Input1Err = "Only letters and space is allowed.";
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
and here is the html code i use:
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="POST">
<p>Enter your name <input type="text" required name="Input1" placeholder="Enter here.."></p>
<span class="error">*<?php echo $Input1Err;?></span>
Try this :
<?php
if(isset($_POST['submit']) && $_POST['name'] != "")
{
$name = $_POST['name'];
$pattern = "/[^a-z0-9 _]+$/i";
$result = htmlspecialchars(stripslashes(preg_match($pattern, $name)));
echo $name;
} else {
echo "Please enter something.";
}
?>
HTML Form :
<form method="post" action="<?= $_SERVER['PHP_SELF']; ?>">
<input type="text" name="name" required="">
<input type="submit" name="submit" value="Submit Form">
</form>
Regular Expression to allow only letters numbers and space
^[a-z0-9 .\-]+$
Also there is one closing parenthesis missing in if else condition
$Input1 = "";
$Input1Err = "";
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if(empty($_POST["Input1"]))
{
$Input1Err = "Enter something.";
}
else
{
$Input1 = test_input($_POST["Input1"]);
if(!preg_match('/^[a-z0-9 .\-]+$/i', $Input1))
{
$Input1Err = "Only letters and space is allowed.";
}
}
}
When the user visits the Visitor Log page, they should be able to see a prompt asking them to enter their name. Upon submitting the form, the same page should display a completely different message welcoming the user to the web page. When the user refreshes the page, the process starts over.
This is what I have tried so far, it works, but I still don't understand how I would display a whole new message after the input.
Here is the code I have I need help with only using PHP to have the correct desired result
Attempt
<?php
// define variables and set to empty values
$nameErr = "";
$name = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Name is required";
}
else {
$name = test_input($_POST["name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Only letters and white space allowed";
}
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<p2 id="example-id-name" class="centered-text "></p>
<p><span class="error"></span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<input type="text" name="name" value="<?php echo $name;?>">
<span class="error"> <?php echo $nameErr;?></span>
<br> <br>
<input type="submit" name="submit" value="Submit">
</form>
<?php
echo "$name";
echo "<br>";
?>
Where you're echoing name, you can check whether you have it or not and choose the message to display
<?php
if($name) {
echo "Hi $name!\n Welcome to our store!"
}
else {
echo "Please enter your name"
}
echo "<br>";
?>
You can write inline php and functions.
Code:
<?php
# filter input
function filter($var) {
return htmlspecialchars(stripslashes(trim($var)));
}
# validate name
function validate_name(&$name, &$err){
if(empty($name)){
$err = "Name is required";
return;
}
$name = filter($name);
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$err = "Only letters and white space allowed";
}
}
$method = filter_input(INPUT_SERVER, 'REQUEST_METHOD');
$err = "";
# If client post a name, then validate the name
if ($method === "POST"){
$name = $_POST["name"] ?? "";
validate_name($name, $err);
}
?>
<!-- The form -->
<form method="post">
<label>
<input type="text" name="name" value="<?=$name ?? ""; ?>">
</label>
<!-- Show if error -->
<?php if (!empty($err)) { ?>
<span class="error">
<?=$err ?>
</span>
<?php } ?>
<br>
<input type="submit" name="submit" value="Submit">
</form>
<?php if (isset($name) && empty($err)) { ?>
<p>Hi <?=$name ?>!</p>
<p>Welcome to our store!</p>
<?php } ?>
PHP portion, where variables are initialized and set to empty. As well as the post methods and isset functions
The functions seem to be right, no errors when running the code. However, nothing is processed when the user submits everything. This is just a small portion of the code.
<?php
//define variables and set them to empty values
$fname_error= $phone_error= $address1_error= $address2_error= $city_error= $state_error= $zipcode_error= "";
$fname= $phone= $address1= $address2= $city= $state= $zipcode= "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["fname"])) {
$fname_error = "Missing";
}
else {
$fname = test_input($_POST["fname"]);
//now we check to see that the name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/",$fname)) {
$fname_error = "Please use letters and white space only";
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
The Html portion:
<div class="userinput">
<label for="fname"><b>First Name</b></label>
<input type="text" name="fname" value="<?php
echo $fname ?>">
<span class="error">
<?php echo $fname_error;?></span>
</div>
Close the conditional REQUEST_METHOD.
Your code should look like this:
<!DOCTYPE HTML>
<html>
<head>
<style>
.error {color: #FF0000;}
</style>
</head>
<body>
<?php
//define variables and set them to empty values
$fname_error = $phone_error = $address1_error = $address2_error = $city_error = $state_error = $zipcode_error = "";
$fname = $phone = $address1 = $address2 = $city = $state = $zipcode = "";
//flag to validate and allow SQL insert if true
$valid=true;
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["fname"])) {
$fname_error = "Missing";
$valid=false;
} else {
$fname = test_input($_POST["fname"]);
//now we check to see that the name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z ]*$/", $fname)) {
$valid=false;
$fname_error = "Please use letters and white space only";
}
}
}
//filter your input for security reason
function test_input($data) {
$data1 = trim($data);
$data2 = stripslashes($data1);
$data3 = htmlspecialchars($data2);
return $data3;
}
if($valid){
//Add you insert SQL
}
?>
<h2>PHP Form Validation Example</h2>
<p><span class="error">* required field</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
<label for="fname"><b>First Name</b></label>
<input type="text" name="fname" value="<?php echo $fname ?>">
<span class="error">
<?php echo $fname_error; ?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
<?php
//For testing porpuses:
echo "<h2>Your Input:</h2>";
echo $fname;
?>
</body>
Reference: https://www.w3schools.com/php/php_form_complete.asp
Form validation
I am trying to validate a form field (to be used for First Name) for letters and dashes only, but regardless of how I implement the code, the value of $player_name is still being set.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["player_name"])) {
$nameErr = "Name is required";
} else {
$player_name = test_input($_POST["player_name"]);
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z -]+$/",$player_name)) {
$nameErr = "Only letters and white space allowed";
}
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
The form has been implemented using the following code:
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Registration Date: <input type="text" name="date_captured" id="date_captured" value="<?php echo $current_date; ?>">
<br><br>
Name: <input type="text" name="player_name" id="player_name">
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit">
</form>
<?php
echo "<h2>Your Input:</h2>";
echo $date_captured;
echo $player_name;
echo "<br>";
?>
Even though the "Only letter and white space allowed" error is set and displayed, the value of $player_name is still set.
I fixed it using the following:
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$fieldTitle = "Player Name";
if (empty($_POST["player_name"])) {
$player_nameErr = $fieldTitle . $requiredErrorText;
} else {
// check if name only contains letters and whitespace
if (!preg_match("/^[a-zA-Z -]*$/",test_input($_POST["player_name"]))) {
$player_nameErr = $nameValidationErrorText;
} else {
$player_name = test_input($_POST["player_name"]);
}
}
here is the code
<body>
<?php
$name=$email=$pwd=$nameErr=$emailErr=$pwdErr=$flag="";
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
if (empty($_POST["name"]))
{
$nameErr = "Name is required";
}
else
{
$name = test_input($_POST["name"]);
if (!preg_match("/^[a-zA-Z ]*$/",$name))
{
$nameErr = "Only letters and white space allowed";
$flag=0;
}
else
{
$flag=1;
}
}
if (empty($_POST["email"]))
{$emailErr = "Email is required";}
else
{
$email = test_input($_POST["email"]);
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/",$email))
{
$emailErr = "Invalid email format";
$flag=0;
}
else
{
$flag=2;
}
}
if(empty($_POST["pwd"]))
{$pwdErr="enter password";}
else
{
$pwd=test_input($_POST["pwd"]);
if(!preg_match("/^[a-zA-Z ]*$/",$pwd))
{
$pwdErr="Only characters and white spaces are allowed";
$flag=0;
}
else
{
$flag=3;
}
}
if($flag=1 && $flag=2 && $flag=3)
{
header("Location: login.php");
}
else
{
header("Location:form.php");
}
}
?>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
Name:<input type="text" name="name" value="<?php echo $name; ?>"/>
<span class="error"><?php echo $nameErr; ?></span><br />
Password:<input type="password" name="pwd" value="<?php echo $pwd; ?>" />
<span class="error"><?php echo $pwdErr; ?></span><br />
Email:<input type="text" name="email" value="<?php echo $email; ?>"/>
<span class="error"><?php echo $emailErr; ?></span><br />
<input type="submit" name="submit" value="submit" />
</form>
The problem is that I want the webpage to navigate to "login.php" after validations are completed. But it is getting navigated to the "login.php" page by clicking on button and the navigations are also not getting checked.
Can anyone help me to fix this? Thanks in advance.
There is a logical problem here if($flag=1 && $flag=2 && $flag=3) and secondly you should use == for comparison. And also how $flag has a value 1,2 and 3 simultaneously?
Adittionaly you should implement some session handling
http://www.w3schools.com/php/php_sessions.asp
http://www.php.net/manual/en/book.session.php